<?
/** Authentication routines
 *
 *  This collection of functions (libary) is licensed under GPL2.
 *  See LICENSE or www.gnu.org for more details.
 *
 *  @author: Henri Ranki 26.11.2001
 *  $Id: dzpoke.php 595 2006-04-03 16:00:47Z jyry $
 */

include_once("dzitu.php");
include_once("dzconst.php");
include_once("dzgeneric.php");

/** Different targets for requests.
 *  Asema request are typically HTTP requests and the other two are xmlrpc
 */
define(DZ_ASEMA_REQ, "asema");
define(DZ_KONE_REQ, "kone");
define(DZ_APP_SERVER_REQ, "appserver");

/** Access check results
 */
define(DZ_POKE_NO_SESSION, "no_ses");
define(DZ_POKE_OK, "ok");
define(DZ_POKE_FAIL, "fail");
define(DZ_POKE_HIJAAK, "hijaak");


/**
 *  Class that controlls user access rights to given target module.
 */
class dzPoke {
    var $User;      /**str User's name*/
    var $Password;  /**str User's password*/
    var $Session;   /**str User's current session id*/
    var $Target;    /**str the target of the request see defines above */
    

    /** 
     * >$User:str   User's name
     * >$Password:str User's password
     * >$Session:str User's session id
     * >$Target:str The request target
     */
    function dzPoke($User, $Password, $Session, $Target) {
        $this->User = $User;
        $this->Password = $Password;
        $this->Session = $Session;
        $this->Target = $Target;
    } // dzPoke


    /** Check that the given user has access to
     *  @return int Access check result
     */
    function verifyUser() {
        soDebug("dzPoke->verifyUser: Verifying the requester", SOD_DET);
        switch ($this->Target) {
            case DZ_ASEMA_REQ:
                $result = $this->toAsema();
                break;

            case DZ_ASEMA_REQ:
                $result = $this->toKone();
                break;

            case DZ_ASEMA_REQ:
                $result = $this->toAppServer();
                break;
        } // switch $this->Target

        return $result;
    } // verifyUser


    /** Check user's access to Asema
     *  Check is done in two phases:
     *  1) Check the user from the session file. This is to speed up
     *    the user check. Hijaaked session go always to the second
     *    phase also.
     *  2) If the previous fails the user is checked from the db. From
     *    the dzsessions-table.
     *
     * @return string Access check result
     */
    function toAsema() {
        soDebug("dzPoke->toAsema: Checking access rights to Asema", SOD_DET);
        if ($this->Session) {
            /* First check from file */
            $result = $this->checkSessionFromFile();

            if ($result != DZ_POKE_OK) {
                /* Then check from the database */
                $result = $this->checkSessionFromDb();
                switch ($result) {
                    case DZ_POKE_OK:
                        /* Yet the first phase failed, the user owns
                           the session. Propably something's wrong with the
                           sessions file. Let's try to insert the session
                           again to the session file.*/
                        addSessionToFile($this->Session, $this->User);
                        $result = DZVU_USER_CHECK_OK;
                        break;

                    case DZ_POKE_FAIL:
                        $result = DZVU_CHECK_FAILED;
                        break;

                    case DZ_POKE_HIJAAK:
                        $result = DZVU_USER_CHECK_OK;
                        break;
                } // switch
            } else {
                $result =  DZVU_USER_CHECK_OK;
            }  // if $result
        } else {
            $result = DZ_POKE_NO_SESSION;
        } // else if $this->dzSession

        if ($result == DZVU_USER_CHECK_OK) {
            soDebug("dzPoke->toAsema: User check OK.", SOD_LO);
        } else {
            soDebug("dzPoke->toAsema: User check failed with code '".
                    $result."'", SOD_HI_E);
        }  // if

        return $result;
    } // toAsema


    /** Checks the user rights from the database.
     *  <:str Access check result: DZ_POKE_OK, DZ_POKE_FAIL or DZ_POKE_HIJAAK
     */
    function checkSessionFromDb() {
        soDebug("dzPoke: Checking rights from system database", SOD_DET);
        $itu = new dzItu();
        /* set request type */
        $itu->setBlockItem(DZI_CONTROL, DZK_REQUEST, DZK_REQ_CHECK_USER);
        /* Set user information */
        $itu->setBlockItem(DZI_CONTROL, DZK_SESSION, $this->Session);
        $itu->setBlockItem(DZI_CONTROL, DZK_USER, $this->User);
        /* Send result to Itu */
        $result_itu = sendRpcToKone($itu);
        /* Note that Kone returns ok in both cases if this were take over or
           the user owned the session. */
        $result = $result_itu->getBlockItemAt(DZI_CONTROL, DZK_RESULT);
        if ($result != DZVU_USER_CHECK_OK) {
            $ses_owner = $result_itu->getBlockItemAt(DZI_CONTROL, DZK_STATUS);
            if ($ses_owner == DZVU_SESSION_OWNER) {
                $result = DZ_POKE_OK;
            } else {
                $result = DZ_POKE_HIJAAK;
            } // if
        } else {
                $result = DZ_POKE_FAIL;
        } // if ($result != DZVU_USER_CHECK_OK)

        /* check for rpc error and result */
        if (isRpcError($result_itu)) {
            soDebug("dzPoke: RPC failed.", SOD_HI_E);
        }

        return $result;
    } // checkSessionFromDb


    /** Checks the user rights from the session file.
     *  @return string Access check result: DZ_POKE_OK or DZ_POKE_FAIL
     */
    function checkSessionFromFile() {
        soDebug("dzPoke: Checking rights from session file", SOD_DET);

        /* Check if the user owns the session Id */
        if (querySessionFromFile($this->Session, $this->User)) {
            $result = DZ_POKE_OK;
        } else {
            $result = DZ_POKE_FAIL;
        };

        return $result;
    } // checkSessionFromFile


    /** Check requesters access to kone
     * <:str Access check result
     */
    function toKone() {
        soDebug("dzPoke: Checking access rights to Kone", SOD_DET);

        return DZ_POKE_FAIL;
    } // toKone


    /** Check requester's access to application server
     * <:str Access check result
     */
    function toAppServer() {
        soDebug("dzPoke: Checking access rights to application server", SOD_DET);

        return DZ_POKE_FAIL;
    } // toAppServer

} // dzPoke
?>
